openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #13750
[Bug 1826001] Re: Update openjdk-8 to 8u212 - security fixes are provided
This bug was fixed in the package openjdk-8 - 8u212-b03-0ubuntu1
---------------
openjdk-8 (8u212-b03-0ubuntu1) eoan; urgency=medium
[ Tiago Stürmer Daitx ]
* Update to 8u212-b03. LP: #1826001.
* Security fixes:
- S8211936, CVE-2019-2602: Better String parsing.
- S8218453, CVE-2019-2684: More dynamic RMI interactions.
- S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
* Revert to GTK2 as default since GTK3 still has padding and component
issues:
- debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
libgtk2.0-0 instead of relying on gtk3 for some releases.
* debian/control: add missing dependency on testng (required by the
testsuites).
[ Andrej Shadura ]
* debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
Closes: 922757.
[ Matthias Klose ]
* debian/rules, debian/tests/jtdiff-autopkgtest.sh,
debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
only set the JDK under test and allow jtreg to use its default JDK
for running the tests.
[ Thorsten Glaser ]
* Improve compatibility with older releases. Closes: #925407.
- debian/rules: determine source date using backwards-compatible
dpkg-parsechangelog call.
- debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
it can be empty.
-- Tiago Stürmer Daitx <tiago.daitx@xxxxxxxxxx> Thu, 25 Apr 2019
21:28:59 +0000
** Changed in: openjdk-8 (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2602
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2684
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2698
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1826001
Title:
Update openjdk-8 to 8u212 - security fixes are provided
Status in openjdk-8 package in Ubuntu:
Fix Released
Bug description:
Current OpenJDK 8 version in Ubuntu is 8u191.
Java is now on 8u212 version
Debian already updated this in stable:
https://metadata.ftp-master.debian.org/changelogs//main/o/openjdk-8
/openjdk-8_8u212-b01-1~deb9u1_changelog
Debian packages:
https://packages.debian.org/search?keywords=openjdk-8&searchon=names&suite=all§ion=all
Changelog from OpenJDK:
https://mail.openjdk.java.net/pipermail/jdk8u-
dev/2019-April/009115.html
Seems that source code is already in Launchpad:
https://launchpad.net/ubuntu/+source/openjdk-8/+changelog
* Security fixes
- S8211936, CVE-2019-2602: Better String parsing
- S8218453, CVE-2019-2684: More dynamic RMI interactions
- S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID()
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1826001/+subscriptions